I have been hearing other teams asking to use this "new" crypto in other standards, but i cannot for the life of me understand why any effort is being put into a crypto scheme that will surely be deprecated (at least by the NSA) by the end of this year. I didn't object to adding it here until others started to add it to new protocols - which is CLEARLY A BAD IDEA.
..tomj On Wednesday, April 9, 2025 at 8:17:38 AM UTC-7 Chris Harrelson wrote: > LGTM3 > > On Thu, Apr 3, 2025 at 1:51 AM Yoav Weiss (@Shopify) <yoav...@chromium.org> > wrote: > >> LGTM2 >> >> On Wed, Apr 2, 2025, 16:18 Daniel Bratell <brat...@gmail.com> wrote: >> >>> LGTM1 >>> >>> /Daniel >>> On 2025-03-31 11:42, Javier Fernandez wrote: >>> >>> Contact emails jfern...@igalia.com >>> >>> Explainer >>> https://github.com/WICG/webcrypto-secure-curves/blob/main/explainer.md >>> >>> Specification https://w3c.github.io/webcrypto/#ed25519 >>> >>> Design docs >>> >>> https://docs.google.com/document/d/1fDTUY3HVAXehi-eSfbi7nxh8ZPw4MpSKM8U1fMdqJlU/edit?usp=sharing >>> >>> Summary >>> >>> This feature adds support for Curve25519 algorithms in the Web >>> Cryptography API, namely the signature algorithm Ed25519 >>> >>> >>> Blink component Blink >>> <https://issues.chromium.org/issues?q=customfield1222907:%22Blink%22> >>> >>> TAG review https://github.com/w3ctag/design-reviews/issues/466 >>> >>> TAG review status Issues addressed >>> >>> Risks >>> >>> >>> Interoperability and Compatibility >>> >>> WebCrypto API was specified to allow the addition of new (normalized) >>> crypto algorithms. When an algorithm is not yet supported by a browser, an >>> exception of unrecognized algorithms would be thrown after invoking related >>> APIs. >>> >>> >>> *Gecko*: Shipped/Shipping ( >>> https://bugzilla.mozilla.org/show_bug.cgi?id=1804788) >>> https://www.mozilla.org/en-US/firefox/130.0/releasenotes/ >>> >>> *WebKit*: Shipped/Shipping ( >>> https://bugs.webkit.org/show_bug.cgi?id=246145) >>> https://developer.apple.com/documentation/safari-technology-preview-release-notes/stp-release-178 >>> >>> *Web developers*: No signals >>> >>> *Other signals*: >>> >>> WebView application risks >>> >>> >>> >>> >>> Debuggability >>> >>> Will this feature be supported on all six Blink platforms (Windows, Mac, >>> Linux, ChromeOS, Android, and Android WebView)? Yes >>> >>> Is this feature fully tested by web-platform-tests >>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>> ? Yes >>> >>> >>> https://wpt.fyi/results/WebCryptoAPI?label=experimental&label=master&aligned >>> >>> >>> Flag name on about://flags WebCryptoEd25519 >>> >>> Finch feature name None >>> >>> Non-finch justification >>> >>> The feature has been implemented behind WebCryptoEd25519 runtime flag. >>> >>> >>> Requires code in //chrome? False >>> >>> Tracking bug >>> https://bugs.chromium.org/p/chromium/issues/detail?id=1370697 >>> >>> Availability expectation The feature is already available on the Web >>> Platform, and shipped enabled by default in Firefox and Safari. >>> >>> Adoption expectation This feature is considered a best practice for web >>> apps that need support of Ed25519 signing and X25519 key sharing. Relying >>> on external libraries (JS, WASM) is the alternative and implies security >>> risks. >>> >>> Estimated milestones >>> Shipping on desktop 137 >>> Shipping on Android 137 >>> Shipping on WebView 137 >>> Shipping on iOS 137 >>> >>> Anticipated spec changes >>> >>> small-order checks - >>> https://github.com/WICG/webcrypto-secure-curves/issues/27 >>> >>> randomized signatures - >>> https://github.com/WICG/webcrypto-secure-curves/issues/28 >>> >>> Link to entry on the Chrome Platform Status >>> https://chromestatus.com/feature/4913922408710144?gate=5015367861141504 >>> >>> Links to previous Intent discussions Intent to Prototype: >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/faf4f153-1d4c-915d-53d0-0968833cfe55%40igalia.com >>> >>> >>> This intent message was generated by Chrome Platform Status >>> <https://chromestatus.com/>. >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "blink-dev" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to blink-dev+...@chromium.org. >>> To view this discussion visit >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/dc12dc7c-1d3d-4b94-9507-2b7226b85622%40igalia.com >>> >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/dc12dc7c-1d3d-4b94-9507-2b7226b85622%40igalia.com?utm_medium=email&utm_source=footer> >>> . >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "blink-dev" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to blink-dev+...@chromium.org. >>> To view this discussion visit >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/d2e25048-e41b-47dd-b442-c0c403bb4d1c%40gmail.com >>> >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/d2e25048-e41b-47dd-b442-c0c403bb4d1c%40gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to blink-dev+...@chromium.org. >> > To view this discussion visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOmohSL4%2BSfY2%2BwYKK_MFrK3GXTMeeq0xrOD3pxdsN5P1Oa_Aw%40mail.gmail.com >> >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOmohSL4%2BSfY2%2BwYKK_MFrK3GXTMeeq0xrOD3pxdsN5P1Oa_Aw%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/add7c1eb-b0b1-4717-acf8-253cb625c473n%40chromium.org.
